SeCIF Researchers find Vulnerabilities in Stack Canaries

January 24, 2019

Original article in I’MTech in English: “Stack canaries: overestimating software protection”

Original article in I’MTech in French: “Les stack canaries : une protection logicielle surestimé”

Stack canaries are a form of software protection, used in all modern operating systems, that detects corruption. The name derives from the historic use of canaries in coal mines as early-warning signals for toxic gases, mainly carbon monoxide. Similarly, stack canaries serve as a detection mechanism for stack buffer overflows, flagging them before execution of malicious code can occur. SeCIF researchers from TUM and EURECOM have identified vulnerabilities that make it possible to bypass these safety measures under certain conditions.

(Photo from cited article: Michael Sonnabend / flickr.)